diff mbox

Guarantee a 0-terminated string for all usages of strncpy()

Message ID B0FB33DC1499054591F62C0EF1E013D7684C8400@HI2EXCH01.adit-jv.com (mailing list archive)
State New, archived
Headers show

Commit Message

Timo Wischer Dec. 1, 2017, 9:58 a.m. UTC 
Hi all,

see attached a patch for ensuring a 0-terminated string when using strncpy().
I observed this issue in the ext control implementation.

Best regards

Timo Wischer

Advanced Driver Information Technology GmbH
Engineering Software Base (ADITG/ESB)
Robert-Bosch-Str. 200
31139 Hildesheim
Germany

Tel. +49 5121 49 6938
Fax +49 5121 49 6999
twischer@de.adit-jv.com

ADIT is a joint venture company of Robert Bosch GmbH/Robert Bosch Car Multimedia GmbH and DENSO Corporation
Sitz: Hildesheim, Registergericht: Amtsgericht Hildesheim HRB 3438
Geschäftsführung: Wilhelm Grabow, Ken Yaguchi
diff mbox

Patch

From b08dd2d395fc1d051345f19d12b62b2faa14bc67 Mon Sep 17 00:00:00 2001
From: Timo Wischer <twischer@de.adit-jv.com>
Date: Fri, 1 Dec 2017 10:45:04 +0100
Subject: Always terminate string with 0 which was copied with strncpy()

Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>

diff --git a/src/control/control.c b/src/control/control.c
index 11f7815..34a8dee 100644
--- a/src/control/control.c
+++ b/src/control/control.c
@@ -1804,6 +1804,7 @@  void snd_ctl_elem_id_set_name(snd_ctl_elem_id_t *obj, const char *val)
 {
 	assert(obj);
 	strncpy((char *)obj->name, val, sizeof(obj->name));
+	obj->name[sizeof(obj->name)-1] = 0;
 }
 
 /**
@@ -2722,6 +2723,7 @@  void snd_ctl_elem_info_set_name(snd_ctl_elem_info_t *obj, const char *val)
 {
 	assert(obj);
 	strncpy((char *)obj->id.name, val, sizeof(obj->id.name));
+	obj->id.name[sizeof(obj->id.name)-1] = 0;
 }
 
 /**
@@ -2944,6 +2946,7 @@  void snd_ctl_elem_value_set_name(snd_ctl_elem_value_t *obj, const char *val)
 {
 	assert(obj);
 	strncpy((char *)obj->id.name, val, sizeof(obj->id.name));
+	obj->id.name[sizeof(obj->id.name)-1] = 0;
 }
 
 /**
diff --git a/src/mixer/simple_none.c b/src/mixer/simple_none.c
index e9dc173..327047c 100644
--- a/src/mixer/simple_none.c
+++ b/src/mixer/simple_none.c
@@ -1334,6 +1334,7 @@  static int enum_item_name_ops(snd_mixer_elem_t *elem,
 	snd_ctl_elem_info_set_item(&info, item);
 	snd_hctl_elem_info(helem, &info);
 	strncpy(buf, snd_ctl_elem_info_get_item_name(&info), maxlen);
+	buf[maxlen-1] = 0;
 	return 0;
 }
 
diff --git a/src/pcm/pcm_direct.c b/src/pcm/pcm_direct.c
index abf7378..0117223 100644
--- a/src/pcm/pcm_direct.c
+++ b/src/pcm/pcm_direct.c
@@ -767,8 +767,11 @@  int snd_pcm_direct_info(snd_pcm_t *pcm, snd_pcm_info_t * info)
 	/* FIXME: fill this with something more useful: we know the hardware name */
 	if (pcm->name) {
 		strncpy((char *)info->id, pcm->name, sizeof(info->id));
+		info->id[sizeof(info->id)-1] = 0;
 		strncpy((char *)info->name, pcm->name, sizeof(info->name));
+		info->name[sizeof(info->name)-1] = 0;
 		strncpy((char *)info->subname, pcm->name, sizeof(info->subname));
+		info->subname[sizeof(info->subname)-1] = 0;
 	}
 	info->subdevices_count = 1;
 	return 0;
diff --git a/src/pcm/pcm_ioplug.c b/src/pcm/pcm_ioplug.c
index 7a782e6..296dea0 100644
--- a/src/pcm/pcm_ioplug.c
+++ b/src/pcm/pcm_ioplug.c
@@ -74,8 +74,11 @@  static int snd_pcm_ioplug_info(snd_pcm_t *pcm, snd_pcm_info_t *info)
 	info->card = -1;
 	if (pcm->name) {
 		strncpy((char *)info->id, pcm->name, sizeof(info->id));
+		info->id[sizeof(info->id)-1] = 0;
 		strncpy((char *)info->name, pcm->name, sizeof(info->name));
+		info->name[sizeof(info->name)-1] = 0;
 		strncpy((char *)info->subname, pcm->name, sizeof(info->subname));
+		info->subname[sizeof(info->subname)-1] = 0;
 	}
 	info->subdevices_count = 1;
 	return 0;
diff --git a/src/pcm/pcm_null.c b/src/pcm/pcm_null.c
index 7afe158..ffe2059 100644
--- a/src/pcm/pcm_null.c
+++ b/src/pcm/pcm_null.c
@@ -72,8 +72,11 @@  static int snd_pcm_null_info(snd_pcm_t *pcm, snd_pcm_info_t * info)
 	info->card = -1;
 	if (pcm->name) {
 		strncpy((char *)info->id, pcm->name, sizeof(info->id));
+		info->id[sizeof(info->id)-1] = 0;
 		strncpy((char *)info->name, pcm->name, sizeof(info->name));
+		info->name[sizeof(info->name)-1] = 0;
 		strncpy((char *)info->subname, pcm->name, sizeof(info->subname));
+		info->subname[sizeof(info->subname)-1] = 0;
 	}
 	info->subdevices_count = 1;
 	return 0;
diff --git a/src/seq/seq.c b/src/seq/seq.c
index 983c4fa..b70a640 100644
--- a/src/seq/seq.c
+++ b/src/seq/seq.c
@@ -1745,6 +1745,7 @@  void snd_seq_client_info_set_name(snd_seq_client_info_t *info, const char *name)
 {
 	assert(info && name);
 	strncpy(info->name, name, sizeof(info->name));
+	info->name[sizeof(info->name)-1] = 0;
 }
 
 /**
@@ -2178,6 +2179,7 @@  void snd_seq_port_info_set_name(snd_seq_port_info_t *info, const char *name)
 {
 	assert(info && name);
 	strncpy(info->name, name, sizeof(info->name));
+	info->name[sizeof(info->name)-1] = 0;
 }
 
 /**
@@ -3123,6 +3125,7 @@  void snd_seq_queue_info_set_name(snd_seq_queue_info_t *info, const char *name)
 {
 	assert(info && name);
 	strncpy(info->name, name, sizeof(info->name));
+	info->name[sizeof(info->name)-1] = 0;
 }
 
 /**
@@ -3280,6 +3283,7 @@  int snd_seq_query_named_queue(snd_seq_t *seq, const char *name)
 	snd_seq_queue_info_t info;
 	assert(seq && name);
 	strncpy(info.name, name, sizeof(info.name));
+	info.name[sizeof(info.name)-1] = 0;
 	err = seq->ops->get_named_queue(seq, &info);
 	if (err < 0)
 		return err;